Thursday, March 26, 2020

NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI-based BGP Origin Validation on virtually all EBGP sessions, on both the customer and peering edge. This change positively impacts the Internet routing system.

The use of RPKI technology is a critical component in our efforts to improve Internet routing stability and reduce the negative impact of misconfigurations or malicious attacks. RPKI Invalid route announcements are now rejected in NTT EBGP ingress policies. A nice side effect: peerlock AS_PATH filters are incredibly effective when combined with RPKI OV.

For NTT, this is the result of a multiyear project, which included outreach, education, collaboration with industry partners, and production of open source software shared among colleagues in the industry.

Shout out to Cloudflare for the open source GoRTR software and the OpenBSD project for rpki-client(8).

I hope some take this news as encouragement to consider RPKI OV “invalid == reject” policies as safe to deploy in their own BGP environments too. :-)


